Google has open sourced ClusterFuzz, one of its automated bug-hunting tools that has helped it find around 16,000 bugs in Chrome.

The so-called fuzzing tool, or rather infrastructure, is adept at finding memory-corruption bugs that often end up requiring a security patch.

Until now, only Google engineers and select open-source projects have been able to use ClusterFuzz. But now any software developer can use the automated bug hunter, Google has announced.

Google has employed ClusterFuzz in tandem with OSS-Fuzz, another fuzzing tool it open-sourced two years ago. Together, OSS-Fuzz and ClusterFuzz have uncovered 11,000 bugs in 160 open-source projects. Meanwhile, ClusterFuzz has found 16,000 bugs in Chrome, helping Google patch a browser that’s used by over a billion people.

Google’s instances of ClusterFuzz run on over 25,000 machines on the Google Cloud Platform, relying on Google’s cloud-storage, database, monitoring and data-warehouse technologies.

However, now that it’s open, developers can also test ClusterFuzz on local clusters with a few limitations due to features dependent on Google Cloud.

In Google Cloud, it works like this: Google uploads the program it wants to test and throws unexpected inputs at it; when a crash is found, a bug is filed automatically and engineers set to work on fixing it.

For the most part, though, the workflow is automated, including bug detection, triage, bug reporting, and closing off a bug report.

As Google notes, the automated testing that fuzzing offers for products as complex as a browser saves time and catches bugs that can slip through manual code reviews. Back in 2012, Google was using ClusterFuzz to run 50 million test cases per day against various Chrome builds.

Significant open-source projects have been able to apply to be accepted onto the OSS-Fuzz program for a few years now, and receive bug reports from Google. Only software projects with either a large user base or that play a critical role in global IT infrastructure can join.

Those that are accepted to the program also get access to ClusterFuzz tools, such as crash and fuzzing statistics, and they’re expected to meet Google’s 90-day disclosure deadline.

Google late last year beefed up automation features of OSS-Fuzz in the cloud so that bugs found with the tool no longer need to be manually reported to public bug trackers.

Google hopes that by opening up ClusterFuzz to all, it will encourage all software developers – not just open source developers – to integrate fuzzing into their workflows.

“We developed ClusterFuzz over eight years to fit seamlessly into developer workflows, and to make it dead simple to find bugs and get them fixed,” Google’s ClusterFuzz team writes.

“It is an integral part of the development process of Chrome and many other open-source projects,” they added.